Intrusion detection

ABSTRACT

Disclosed is an intrusion detector that may be used to determine if a person is authorized or unauthorized based upon the person carrying a token in an area being monitored for security. The intrusion detector may include: an interface and processor. The interface may receive video stream data from a camera and token data. The processor may execute operations including: receiving the video stream data and the token data and determining whether a person in the video stream data is carrying a token based upon whether the token data is associated with the person. If the person is determined to not be carrying a token, the person may be displayed as unauthorized.

BACKGROUND

1. Field

The present invention relates generally to intrusion detection.

2. Relevant Background

Common intrusion detection systems primarily utilize a camera forsecurity purposes and are not very effective in populous environments(e.g., corporate and government buildings/offices/structures/compounds,military installations, airports, hospitals, universities, etc.). Thisis because there is no way for a security person viewing the displayfrom the camera to differentiate between authorized people andunauthorized people.

Further, security systems that utilize tokens to allow for the entry andexit of authorized people into and out of secure areas, are alsoineffective in that there is no way for the display to verify to asecurity person whether a person actually has a token once they are inthe secure area. For example, swipe cards are often used as a token tolet people through a door and into a building, however, other peopleoften tail-gate in as well. Once a person is in a building, they may beseen on a display from a camera, but there is no way for a securityperson viewing them to determine whether or not they have an authorizedtoken.

SUMMARY

Aspects of the invention may relate to an apparatus, method, and systemfor utilizing an intrusion detector that is used to determine if aperson is authorized or unauthorized based upon the person carrying atoken in an area being monitored for security. The intrusion detectormay include: an interface and processor. The interface may receive videostream data from a camera and token data. The processor may executeoperations including: receiving the video stream data and the token dataand determining whether a person in the video stream data is carrying atoken based upon whether the token data is associated with the person.If the person is determined to not be carrying a token, the person maybe displayed as unauthorized.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system in which aspects of the inventionrelated to an intrusion detector may be practiced.

FIG. 2 is a block diagram of the intrusion detector interfacing with atoken and a node.

FIG. 3 is a flow diagram illustrating a process implemented by theintrusion detector to determine whether a person is authorized orunauthorized.

FIG. 4 is a diagram illustrating an example of a display of authorizedand unauthorized people.

FIG. 5 is a diagram of a table providing examples of data utilized todetermine if a person is authorized or unauthorized.

DETAILED DESCRIPTION

The word “example” or “exemplary” is used herein to mean “serving as anexample, instance, or illustration.” Any aspect or embodiment describedherein as “exemplary” or as an “example” in not necessarily to beconstrued as preferred or advantageous over other aspects orembodiments.

With reference to FIG. 1, FIG. 1 is block diagram of a security systemin which aspects of the invention may be practiced. As will bedescribed, aspects of the invention relate to an intrusion detector 102that receives video stream data 104 from a camera 106, in combinationwith token data 108 from a node 150, such that a security person 110viewing the video stream data 104 on a display device 112 can determinewhether a person (e.g., P1 120, P2 122, and P3 124), is carrying a token130. If a person is not carrying a token 130, the person can beidentified as unauthorized and the security person 110 can takeappropriate action.

In one aspect, intrusion detector 102 may include: an interface (I/F)140; a processor 142; a memory 144; a user interface 146; and thedisplay device 112. I/F 140 may be configured to receive video streamdata 104 from camera 106 and token data 108 from node(s) 150. Processor142 may be configured to execute operations including: receiving videostream data 104 and token data 108; and determining whether a person(e.g., 120, 122, and 124) in the video stream data 104 is carrying atoken 130 based upon whether token data 108 is associated with theperson. If the person is determined to not be carrying a token 130, thenthe person may be identified as being unauthorized to the securityperson 110. For example, display device 112 may display the person asbeing unauthorized to security person 110 in the video feed. As anexample, the person may be designated on the display device 112 indashed lines (e.g., person 124) or by a certain color (e.g., red forunauthorized; green for authorized, etc.).

On the other hand, if processor 142 of intrusion detector 102 determinesthat the person (e.g., person 120, 122) is carrying a token 130, thenthe person may be displayed as being authorized on the display device112 to security person 110. For example, the person 120, 122 may beshown in full lines and/or colored green, etc. It should be apparent tothose of skill in the art that there are many different types of displaymethods that may be utilized.

Further, it should be appreciated that intrusion detector 102 may be anytype of suitable computing device (e.g., specialized security computersystem, personal computer, server computer, laptop computer, mobiledevice, non-mobile device, wireless device, smart phone, cell phone,tablet, personal digital assistant (PDA), etc.) having a processor 142and memory 144 to implement the previously described functionality. Userinterface 146 may be any suitable type of input mechanism, e.g.,keyboard, keypad, touch-screen, voice recognition microphone, etc.Further, I/F 140 may be a suitable wired or wireless interface. Whenimplemented as a wireless interface, I/F 140 may include suitabletransceiver components (e.g., a wireless transmitter and receiver) tosend and receive data.

In one particular aspect, a node 150 may be used to generate token data108 that is transmitted to intrusion detector 102. The token data 108may be based upon an identification signal received from the token 130,as well as, position data that is calculated to estimate the position ofthe token 130. For example, the token data 108 may include both positiondata associated with the token 130, as well as, identification dataassociated with a person (e.g., a token number, a personal ID, etc.). Inthis way, based upon the position data of the token data 108 and thevideo stream data 104, intrusion detector 102 can map the position dataof the token 108 with the person on the video stream such that, forexample, person 120 can be determined and shown to be carrying a token130 based upon position data associated with the token 130 and theperson 120 through the display device 112 to a security person 110.

In one embodiment, the position of the token 130 may be calculated orestimated by the node 150 and the node 150 may transmit this token data108 (e.g., the token position) to the intrusion detector 102, as will bedescribed. In another embodiment, token 130 may calculate its ownposition data and transmit this data directly to the intrusion detector102 or through a node 150 to the intrusion detector 102.

Further, as previously described, based upon this, processor 142 of theintrusion detector 102 may determine if a person is associated withtoken data 108 or not associated with token data 108. In one embodiment,the intrusion detector 102 may associate a person with a token 130 basedupon the actual position of the token 130 as determined by a node 150.The intrusion detector 102 may display a person 120 on the displaydevice 112 based upon the video stream 104 from the camera 106 incombination with token data 108 (e.g., the position data of the token130) such that if a person has no token data associated with them (e.g.,no position data), the person may be shown on the display device 112 indashed lines (e.g., person 124) or by a certain color (e.g., red forunauthorized, etc.) to the security person 110.

On the other hand, if processor 142 of intrusion detector 102 associatesa person with token data 108 by mapping the position data of the token130 with person in the video stream 104 such that the person (e.g.,person 120, 122) is determined and displayed as carrying a token 130,then the person may be displayed as being authorized on the displaydevice 112 to the security person 110. For example, the person 120, 122may be shown in full lines and/or colored green, etc.). It should beapparent to those of skill in the art that there are many differenttypes of display methods that may be utilized.

Also, it should be appreciated that a person “carrying” a token merelyrefers to a person having a token in their presence (e.g., in a pocket,being held, on a wristband, on a necklace, etc.).

As an example, as shown in FIG. 1, various nodes 150 may be mounted towalls of a room 160. It should be appreciated that various nodes 150 maybe located at a multitude of different locations (walls, ceilings,floors, tables, furniture, other locations, etc.) throughout a building(e.g., halls, rooms, auditoriums, airport, etc.) or outside a building(e.g., parking lot, walkways, etc.). In particular, each of these nodes150 may have a known position location. Additionally, each node may bepowered by a power supply (e.g., an already existing electrical plug).

With additional reference to FIG. 2, a block diagram of components ofthe security system is illustrated. As an example, a node 150 may be acomputing device having a processor 202 and a memory 204 to implementvarious functions including calculating and transmitting token data suchas, position data and ID information of tokens 130,132, to the intrusiondetector 102. Node 150 may include an I/F 206 (e.g., wireless or wired)to receive ID signals 230 from tokens 130,132 and to transmit token data108 to intrusion detector 102 and to other nodes. When implemented as awireless interface, I/F 206 may include suitable transceiver components(e.g., a wireless transmitter and receiver) to send and receive data.

Further, as an example, a token 130 may be a computing device having aprocessor 210 and a memory 212 to implement various functions. Memory210 of token 132 may store various identifiers such as: a token number220; a personal ID 222; as well as various other identifiers. Token 130may include an I/F 214 (e.g., wireless or wired—but typically wireless)to transmit and receive ID signals 230 to and from other tokens 132 andnodes 150. When implemented as a wireless interface, I/F 214 may includesuitable transceiver components (e.g., a wireless transmitter andreceiver) to send and receive data.

Various types of ID signals 230 may be used. For example, an ID signal230 may merely identify a particular number for a token (e.g., token ID#220) to identify the token 130. However, tokens 132 may also include apersonal ID 222 that identifies a particular person that is designatedto utilize the token 130. As an example, a person's name, age, height,weight, job title, check-in time, etc., may be a personal ID 222.Further, tokens at predetermined intervals (e.g., every 15 seconds) maytransmit out their ID signal 230. A token 130 may include a power source216, such as a battery, so that it is portably powered. As an example, atoken 130 may be a smart wireless device that does not require a lot ofcomputational power such that it is inexpensive, light weight, and veryportable.

In one aspect, nodes 150, under the control of a position determiningprogram (e.g., such as, a triangulation program) implemented byprocessor 202, may calculate the positions of tokens 130, 132 andtransmit the position data of the tokens (as token data 108) to theintrusion detector 102. In order to calculate the positions of tokens130 and 132, nodes 150 may communicate token data 111 with each other tocalculate the position of identified tokens 130, 132 in a triangulationmethodology. Such token data 111 may include time to receive an IDsignal 230 from a particular token 130, 132.

It should be appreciated that the nodes 150 have fixed positions andtherefore have predefined positions which may be pre-programmed intoeach node 150 and each node knows the other nodes 150 positions.Therefore, the nodes 150 may receive ID signals 230 from the tokens 130,132 and may calculate the position of each token 130, 132 such that allof the positions of the tokens 130, 132 can be determined based upon theknown position locations of the nodes 150 and the received ID signals230 from the tokens 130, 132 based upon a triangulation methodology.

As one example, the nodes 150 may implement a triangulation program todetermine the position of a token. Referring back to FIG. 1, node 170may receive an ID signal from token 130 of person 120 and may calculatethe time to receive the ID signal. Further, node 172 may also receivethe ID signal and may calculate the time to receive the ID signal fromtoken 130 of person 120 and may communicate this token data to node 170.In particular, based upon the known positions of nodes 170 and 172 andthe transmit times of the ID signals from token 130 of person 120 to thenodes 170 and 172, node 170 may estimate the position of token 130 fromperson 120. Further, additional nodes 174 and 176 may also transmittoken data to node 170 and in combination with their known positions canfurther increase the accuracy of the estimate of the position of token130 of person 120. Moreover, the position estimates for other tokens 130for other people (e.g., person 2 122) already made may also be utilizedin triangulation techniques for better position estimates by the nodes150 for other tokens 130. Additionally, tokens 130 may communicate withone another in token to token communication and to the nodes 150 to aidin token position estimation by the nodes 150 via triangulation methods.Furthermore, tokens 130 may estimate their own positions and communicatewith one another in token to token communication to aid in tokenposition estimation.

In this way, by tokens 130 (that are moving) communicating with variousnodes 150 (having fixed and known positions) that communicate token data(e.g., time to receive an ID signal from a particular token) with oneanother, an ad-hoc mesh network is provided in which by utilizingtriangulation techniques the positions of tokens 130 may be estimated bynodes 150 and transmitted as position token data 108 to the intrusiondetector 102. It should be appreciated that a wide variety of differingtypes of position calculation techniques may be implemented by the nodes150 and that this is just one example. Further, the intrusion detector102 may also calculate the position estimates of the tokens 130 basedupon data from the nodes 150 in addition to the nodes or instead of thenodes. Also, as previously described, in one embodiment, in the case ofmore complex tokens, the tokens may calculate their own positionestimation data. In summary, as previously described, by utilizingtriangulation techniques, an ad-hoc mesh network is created in whichnodes 150 and tokens 130 communicate with one another such that positiondata for each token 130 may be accurately estimated.

Also, it should be appreciated that this is just one example of nodes150 communicating in a room to implement position determinationtechniques and that these techniques may be implemented by nodes at avariety of different locations (walls, ceilings, floors, tables,furniture, other locations, etc.) throughout a building (e.g., halls,rooms, auditoriums, airport, etc.) or outside a building (e.g., parkinglot, walkways, etc.).

With brief additional reference to FIG. 3, FIG. 3 shows a flow diagramillustrating a process 300 to determine whether a person is authorizedor not authorized based upon the use of tokens. At block 302, intrusiondetector 102 may receive video stream data 104 and token data 108 fromnodes 150. At decision block 304, intrusion detector 102 may determinewhether a person (120, 122, 124) in the video stream data 104 iscarrying a token 130 based upon whether token position data isassociated with a person. For example, if the person is determined tonot be carrying a token 130 based upon the token position data, then theperson may be identified as being unauthorized to the security person110 (block 306). For example, display device 112 may display the personas being unauthorized to security person 110 in the video feed. As anexample, the person may be designated on the display device 112 indashed lines (e.g., person 124) or by a certain color (e.g., red forunauthorized).

On the other hand, if at decision block 304, the intrusion detector 102determines that the person 120,122 is carrying a token 130, then theperson is displayed as being authorized on display device 112 to thesecurity person 110 (block 308). For example, the person 120,122 may beshown in full lines and/or colored green, etc.

In addition to the use of token data 108 (e.g., position token data),the intrusion detector 102 may also utilize biometric data to determinewhether persons or authorized or not authorized.

In an additional aspect, if a person 120 is determined to be carrying atoken 130 by the by the position data of the token 130 being associatedwith the person 120 of the video stream 104 by processor 142 ofintrusion detector 102, then intrusion detector 102 may further executeoperations including comparing measured biometric data of the person 120carrying the token to stored biometric data for the person assigned tothe token. As an example, memory 144 of the intrusion detector 102 maystore biometric data for authorized persons.

If the measured biometric data of the person 120 carrying the token 130matches the stored biometric data for the person 120 assigned to thetoken, the person 120 may be identified as authorized and the authorizedperson may be displayed on the display device 112 to a security person110 as authorized, as previously described.

However, as will be described, if the measured biometric data of theperson carrying the token does not match the stored biometric data forthe person assigned to the token, the person may be identified asunauthorized and the unauthorized person may be displayed on the displaydevice to a security person as unauthorized. The biometric data mayinclude facial recognition, height, weight, voice, etc. It should beappreciated that a wide variety of different types of biometric data maybe utilized and that these are only examples.

Biometric data may be determined by known methodologies by intrusiondetector 102 under the control of processor 142 to utilize the videostream data 104, along with other data (e.g., sound data) transmitted tothe intrusion detector 102 by other sources, to determine biometric datarelated to facial recognition, height, weight, voice, etc. Thisbiometric data utilized in combination with token data providesadditional security in determining authorized and unauthorized persons.Examples of this will be hereinafter described.

With additional reference to FIGS. 4 and 5, examples of the intrusiondetector 102 determining whether persons in the video stream 104 shouldbe identified as authorized or not authorized based upon token data 108and biometric data will be described. As an example, as shown in FIG. 4,person (P1) 120 may have a token 130. Person 120 may be shown on displayscreen 400 of display device 112 to a security person 110. As previouslydescribed, person 120 may be displayed to have a token 130 based uponthe determined position data of the token 130 being associated withperson 120 by the intrusion detector 102 such that the token 130 isdisplayed with person 120 on the display screen 400. Further, biometricdata may also be utilized.

As an example, the intrusion detector 102 based upon facial recognition,height, and weight as calculated from the video stream 104 may comparethis to previously stored biometric data for the person assigned to thetoken 130 with respect to facial recognition, height, and weight. Thus,it may be determined whether the person 120 has substantially the sameface, same height, same weight, etc., as stored for the assigned person.In particular, if the biometric data for the person assigned to thetoken 130 matches, then person 120 is displayed as authorized.

For example, with brief additional reference to FIG. 5, which is a table500 showing collected data by the intrusion detector, table 500 mayinclude person P1 120 having: a token identifier 510 set to “yes”;position identifier 512 set to “correct” indicating that the token isassociated with the correct position data for the person P1 120; andbiometric data 514 set to “matches” indicating matching biometricdata—such that intrusion detector 102 identifies the person 120 asauthorized 516. For example, the person 120 may be shown in full linesand/or colored green, etc., on the display screen 400.

As another example, as shown in FIG. 4, person (P2) 122 may have a token130. Person 122 may be shown on display screen 400 of the display device112 to a security person 110. As previously described, person 122 may bedisplayed to have a token 130 based upon the determined position data ofthe token 130 being associated with person 122 by the intrusion detector102 such that the token 130 is displayed with person 122 on the displayscreen 400. Further, biometric data may also be utilized.

As an example, the intrusion detector 102 based upon facial recognition,height, and weight biometric data as calculated from the video stream104 may compare this to previously stored biometric data for the personassigned to the token 130 with respect to facial recognition, height,and weight. Thus, intrusion detector 102 may determine whether person122 has substantially the same face, same height, same weight, etc., asstored for the assigned person. In particular, if the biometric data forthe person assigned to the token 130 does not match (e.g., the personhas a different face, height, weight, etc.), then person 122 may bedisplayed as not authorized.

For example, with brief reference to FIG. 5, which is a table 500showing collected data by the intrusion detector, table 500 may includeperson P2 122 having: a token identifier 510 set to “yes”; positionidentifier 512 set to “correct” indicating that the token is associatedwith the correct position data for the person P2 122; and biometric data514 set to “not matching” indicating biometric data that does notmatch—such that intrusion detector 102 identifies the person 120 as notauthorized 516. For example, the person 122 may be shown in dashed linesand/or by a certain color (e.g., red for unauthorized) on the displayscreen 400. In this example, there is a high probability that anunauthorized person has the token 130.

In addition, a level of confidence may be utilized (e.g., fuzzyauthorization). In this example, person P2 has a token 130, but thebiometric data 514 measured is indicative of not matching the authorizedperson that the token 130 is supposed to be carried by. In particular,as an example, P2's face may not be recognizable by the system and P2'sheight and weight may be off by 15% in comparison to the values storedfor the authorized person. In this instance, there is a high probabilitythat the person is unauthorized—but this determination cannot be madefor certain. Therefore, a level of confidence as to whether the personis authorized is assigned and may be shown by a bar next to the personon the display screen 400. As an example, a bar 123 may be displayednext to the person (P2) indicating the level of confidence. In thisexample, the level of confidence is low (e.g., 30%) because there is ahigh probability based upon the measurable biometric data that theperson (P2) is not the person authorized to be carrying the token. Itshould be appreciated that a wide variety of different types of level ofconfidence measurements (e.g., based upon biometric data) may beutilized and that a variety of different types of displays may beutilized—and that these example are merely illustrative.

As yet another example, as shown in FIG. 4, person (P3) 124 may not havea token. Person 124 may be shown on display screen 400 of display device112 to a security person 110 based upon video stream 104. Because person124 does not have a token, they may be automatically display asunauthorized. For example, person 124 may be shown in dashed linesand/or by a certain color (e.g., red for unauthorized) on the displayscreen 400.

However, even though the person does not have a token, biometric datamay still be utilized to identify the person. For example, the intrusiondetector 102 based upon facial recognition, height, and weight ascalculated from the video stream 104 may compare this to previouslystored biometric for a person that may be authorized. Thus, it may bedetermined whether the person has substantially the same face, sameheight, same weight, etc., of an authorized person, or not, in whichcase they are not authorized. For example, with brief reference to FIG.5, table 500 may include person P3 124 having: a token identifier 510set to “no”; position identifier 512 set to “none” indicating that thereis no token associated with person 124; biometric data 514 set to “notmatching” indicating biometric data that does not match—such thatintrusion detector 102 identifies the person 120 as not authorized 516.On the other hand, even though the person does not have a token, theperson may be identified as typically authorized if the intrusiondetector 102 determines if biometric data for facial recognition,height, and weight calculated from the video stream 104 matchesbiometric data associated with a stored authorized person.

Further, it should be appreciated that the intrusion detector 102 maystill estimate the position of person 124 without a token, based uponthe previously described triangulation methodology and based upon thealready estimated positions of the tokens 130, persons 122 and 124, andthe predefined positions of all the nodes 150.

Therefore, aspects of the invention relate to an intrusion detector 102that receives video stream data 104 from a camera 106 in combinationwith token data 108 such that it can be determined by a security person110 viewing the video stream data on a display device 112 whether aperson is carrying a token 103. If a person is not carrying a token,they may automatically be displayed as unauthorized (e.g., in dashedlines and/or colored red, etc.) and the security person 110 can takeappropriate action. On the other hand, a person 120 may determined to beauthorized by their possession of a token 130 and may be displayed tosecurity personnel 110 as such (e.g., in full lines and/or coloredgreen, etc.).

Examples have been provided in which a token 130 may be smart wirelessdevice which can have its location determined by communicating withnodes 150 in an ad-hoc mesh network. Using object detection methods onthe video stream data 104 from a camera 106, all persons can be detectedregardless of their possession of tokens 130. It should be appreciatedthat any suitable camera may be utilized, such as, an infrared (IR)camera, etc.

Additionally, intrusion detector 102 may create a list of people withina space and cross-correlate that with the list of authorized people(e.g., persons 120 and 122 in FIG. 1). Areas in which unauthorizedpeople (e.g., person 124 in FIG. 1) are located may generate an alarm(e.g., sound alarms or visual alarms) to be brought to the attention ofsecurity personnel 110. As a previously described example, unauthorizedpeople could be highlighted on the video stream (e.g., in red or dashedlines). Further, as previously described, when biometric data isassociated with tokens 130 as implemented by intrusion detector 102,inappropriate or stolen tokens may be automatically identified bychecking stored biometric data associated with the token againstdetected biometric data (e.g., height, weight, or facial recognition)for the person carrying the token. Also, further biometric data streams(e.g., audio, pressure, movement, etc.) from other sources may also beutilized.

Additionally, it should be appreciated that although the display device112 examples of FIG. 1 and FIG. 4 show 2D examples of displaying persons120, 122, 124 and described different types of light and solid/dashedpresentation techniques, that these are merely simple examples. Any typeof display may be utilized: 2D, 3D, computer graphics, cartoon, digital,real-time video with computer graphic techniques, etc.

Further, it should be appreciated that the previously described exampleof a room 160 in which nodes 150 communicate to implement positiondetermination techniques that are utilized by intrusion detector 102 toidentify authorized and unauthorized people to security is just oneexample. These techniques may be implemented by nodes at a variety ofdifferent locations (walls, ceilings, floors, tables, furniture, otherlocations, etc.) throughout buildings (e.g., halls, rooms, auditoriums,airport, etc.) or outside buildings (e.g., parking lot, walkways, etc.).

An example of the utilization of the previously-described techniques maybe in an airport scenario. In the airport scenario, with FIG. 1 as anillustration, a person may approved at a security check-point, at whichpoint they are given a token 130 (e.g., person 120 and 122) to walkthrough the building 160 to the airplane, at which point they then canhand-back the token upon the boarding of the airplane. Unauthorizedpeople (without tokens 130, e.g., person 124) could be tracked bysecurity personnel 110 on the display device 112 and authorized people120 and 122, with tokens 130, could be found if needed (e.g., if theyare late for their flight).

Aspects of the invention provide advantages in that: authorization istracked constantly (not just at entry points); biometric data iscontinuously checked; and human interaction is reduced (e.g., a securityguard is only required when a person is shown on the display device asunauthorized and/or an alarm is set off). Further, biometric matching issimplified because particular singular people are matched against asingular set of known data for that particular person. Moreover, anattack by the insertion of a fake video feed (e.g., a replay of earlierfootage) cannot be utilized with aspects of the invention because thefake video would not correlate with the detected scene of authorizedpersons carrying tokens provided by the system.

It should be appreciated that aspects of the invention previouslydescribed may be implemented in conjunction with the execution ofinstructions by processors 142, 202, 210 of intrusion detectors 102,nodes 150, and tokens 130. Particularly, circuitry of the intrusiondetectors, nodes, and tokens, including but not limited to processors,may operate under the control of a program, routine, or the execution ofinstructions to execute methods or processes in accordance withembodiments of the invention. For example, such a program may beimplemented in firmware or software (e.g. stored in memory and/or otherlocations) and may be implemented by processors and/or other circuitry.Further, it should be appreciated that the terms processor,microprocessor, circuitry, controller, etc., refer to any type of logicor circuitry capable of executing logic, commands, instructions,software, firmware, functionality, etc

It should be appreciated that when the intrusion detectors 102, nodes150, and tokens 130 are mobile or wireless devices that they maycommunicate via one or more wireless communication links through awireless network that are based on or otherwise support any suitablewireless communication technology. For example, in some aspects theintrusion detectors, nodes, and tokens and other devices may associatewith a network including a wireless network. In some aspects the networkmay comprise a body area network or a personal area network (e.g., anultra-wideband network). In some aspects the network may comprise alocal area network or a wide area network. A wireless device may supportor otherwise use one or more of a variety of wireless communicationtechnologies, protocols, or standards such as, for example, CDMA, TDMA,OFDM, OFDMA, WiMAX, and Wi-Fi. Similarly, a wireless device may supportor otherwise use one or more of a variety of corresponding modulation ormultiplexing schemes. A wireless device may thus include appropriatecomponents (e.g., air interfaces) to establish and communicate via oneor more wireless communication links using the above or other wirelesscommunication technologies. For example, a device may comprise awireless transceiver with associated transmitter and receiver components(e.g., a transmitter and a receiver) that may include various components(e.g., signal generators and signal processors) that facilitatecommunication over a wireless medium. As is well known, a mobilewireless device may therefore wirelessly communicate with other mobiledevices, cell phones, other wired and wireless computers, Internetweb-sites, etc.

The techniques described herein can be used for various wirelesscommunication systems such as Code Division Multiple Access (CDMA), Timedivision multiple access (TDMA), Frequency Division Multiple Access(FDMA), Orthogonal Frequency-Division Multiple Access (OFDMA), SingleCarrier FDMA (SC-FDMA) and other systems. The terms “system” and“network” are often used interchangeably. A CDMA system can implement aradio technology such as Universal Terrestrial Radio Access (UTRA),CDMA2000, etc. UTRA includes Wideband-CDMA (W-CDMA) and other variantsof CDMA. CDMA2000 covers Interim Standard (IS)-2000, IS-95 and IS-856standards. A TDMA system can implement a radio technology such as GlobalSystem for Mobile Communications (GSM). An OFDMA system can implement aradio technology such as Evolved Universal Terrestrial Radio Access;(Evolved UTRA or E-UTRA), Ultra Mobile Broadband (UMB), Institute ofElectrical and Electronics Engineers (IEEE) 802.11 (Wi-Fi), IEEE 802.16(WiMAX), IEEE 802.20, Flash-OFDM™, etc. Universal Terrestrial RadioAccess (UTRA) and E-UTRA are part of Universal Mobile TelecommunicationSystem (UMTS). 3GPP Long Term Evolution (LTE) is an upcoming release ofUMTS that uses E-UTRA, which employs OFDMA on the downlink and SC-FDMAon the uplink. UTRA, E-UTRA, UMTS, LTE and GSM are described indocuments from an organization named “3rd Generation PartnershipProject” (3GPP). CDMA2000 and UMB are described in documents from anorganization named “3rd Generation Partnership Project 2” (3GPP2).

The teachings herein may be incorporated into (e.g., implemented withinor performed by) a variety of apparatuses (e.g., devices). For example,one or more aspects taught herein may be incorporated into a phone(e.g., a cellular phone), a personal data assistant (“PDA”), a tablet, amobile computer, a laptop computer, a tablet, an entertainment device(e.g., a music or video device), a headset (e.g., headphones, anearpiece, etc.), a user I/O device, a computer, a server, apoint-of-sale device, an entertainment device, a set-top box, or anyother suitable device. These devices may have different power and datarequirements

In some aspects, a wireless device may comprise an access device (e.g.,a Wi-Fi access point) for a communication system. Such an access devicemay provide, for example, connectivity to another network (e.g., a widearea network such as the Internet or a cellular network) via a wired orwireless communication link. Accordingly, the access device may enableanother device (e.g., a Wi-Fi station) to access the other network orsome other functionality. In addition, it should be appreciated that oneor both of the devices may be portable or, in some cases, relativelynon-portable.

Those of skill in the art would understand that information and signalsmay be represented using any of a variety of different technologies andtechniques. For example, data, instructions, commands, information,signals, bits, symbols, and chips that may be referenced throughout theabove description may be represented by voltages, currents,electromagnetic waves, magnetic fields or particles, optical fields orparticles, or any combination thereof.

Those of skill would further appreciate that the various illustrativelogical blocks, modules, circuits, and algorithm steps described inconnection with the embodiments disclosed herein may be implemented aselectronic hardware, computer software, or combinations of both. Toclearly illustrate this interchangeability of hardware and software,various illustrative components, blocks, modules, circuits, and stepshave been described above generally in terms of their functionality.Whether such functionality is implemented as hardware or softwaredepends upon the particular application and design constraints imposedon the overall system. Skilled artisans may implement the describedfunctionality in varying ways for each particular application, but suchimplementation decisions should not be interpreted as causing adeparture from the scope of the present invention.

The various illustrative logical blocks, modules, and circuits describedin connection with the embodiments disclosed herein may be implementedor performed with a general purpose processor, a digital signalprocessor (DSP), an application specific integrated circuit (ASIC), afield programmable gate array (FPGA) or other programmable logic device,discrete gate or transistor logic, discrete hardware components, or anycombination thereof designed to perform the functions described herein.A general purpose processor may be a microprocessor, but in thealternative, the processor may be any conventional processor,controller, microcontroller, or state machine. A processor may also beimplemented as a combination of computing devices, e.g., a combinationof a DSP and a microprocessor, a plurality of microprocessors, one ormore microprocessors in conjunction with a DSP core, or any other suchconfiguration.

The steps of a method or algorithm described in connection with theembodiments disclosed herein may be embodied directly in hardware, in asoftware module executed by a processor, or in a combination of the two.A software module may reside in RAM memory, flash memory, ROM memory,EPROM memory, EEPROM memory, registers, hard disk, a removable disk, aCD-ROM, or any other form of storage medium known in the art. Anexemplary storage medium is coupled to the processor such the processorcan read information from, and write information to, the storage medium.In the alternative, the storage medium may be integral to the processor.The processor and the storage medium may reside in an ASIC. The ASIC mayreside in a user terminal. In the alternative, the processor and thestorage medium may reside as discrete components in a user terminal.

In one or more exemplary embodiments, the functions described may beimplemented in hardware, software, firmware, or any combination thereof.If implemented in software as a computer program product, the functionsmay be stored on or transmitted over as one or more instructions or codeon a computer-readable medium. Computer-readable media includes bothcomputer storage media and communication media including any medium thatfacilitates transfer of a computer program from one place to another. Astorage media may be any available media that can be accessed by acomputer. By way of example, and not limitation, such computer-readablemedia can comprise RAM, ROM, EEPROM, CD-ROM or other optical diskstorage, magnetic disk storage or other magnetic storage devices, or anyother medium that can be used to carry or store desired program code inthe form of instructions or data structures and that can be accessed bya computer. Also, any connection is properly termed a computer-readablemedium. For example, if the software is transmitted from a web site,server, or other remote source using a coaxial cable, fiber optic cable,twisted pair, digital subscriber line (DSL), or wireless technologiessuch as infrared, radio, and microwave, then the coaxial cable, fiberoptic cable, twisted pair, DSL, or wireless technologies such asinfrared, radio, and microwave are included in the definition of medium.Disk and disc, as used herein, includes compact disc (CD), laser disc,optical disc, digital versatile disc (DVD), floppy disk and blu-ray discwhere disks usually reproduce data magnetically, while discs reproducedata optically with lasers. Combinations of the above should also beincluded within the scope of computer-readable media.

The previous description of the disclosed embodiments is provided toenable any person skilled in the art to make or use the presentinvention. Various modifications to these embodiments will be readilyapparent to those skilled in the art, and the generic principles definedherein may be applied to other embodiments without departing from thespirit or scope of the invention. Thus, the present invention is notintended to be limited to the embodiments shown herein but is to beaccorded the widest scope consistent with the principles and novelfeatures disclosed herein.

What is claimed is:
 1. An intrusion detector comprising: an interface toreceive video stream data from a camera and token data; and a processorto execute operations including: receiving the video stream data and thetoken data, the token data comprising position data associated with atoken, the position data being calculated using triangulation based on aplurality of nodes with known locations; and determining whether aperson in the video stream data is carrying the token based upon theposition data being associated with the token and with the person;wherein, when the person in the video stream data is determined to notbe carrying the token associated with the calculated position data,identifying the person in the video stream data as unauthorized.
 2. Theintrusion detector of claim 1, further comprising a display device,wherein, the unauthorized person is displayed on the display device asunauthorized.
 3. The intrusion detector of claim 1, wherein, if theperson is determined to be carrying the token, further comprisingidentifying the person as authorized.
 4. The intrusion detector of claim3, further comprising a display device, wherein, the authorized personis displayed on the display device as authorized.
 5. The intrusiondetector of claim 1, wherein the token data comprises an identificationsignal received from the token.
 6. The intrusion detector of claim 1,wherein, if the person is determined to be carrying the token, theprocessor further executes operations including comparing measuredbiometric data of the person carrying the token to stored biometric datafor the person assigned to the token.
 7. The intrusion detector of claim6, wherein, if the measured biometric data of the person carrying thetoken matches the stored biometric data for the person assigned to thetoken, the processor further executes operations including identifyingthe person as authorized.
 8. The intrusion detector of claim 7, furthercomprising a display device, wherein, the authorized person is displayedon the display device as authorized.
 9. The intrusion detector of claim6, wherein, if the measured biometric data of the person carrying thetoken does not match the stored biometric data for the person assignedto the token, the processor further executes operations includingidentifying the person as unauthorized.
 10. The intrusion detector ofclaim 9, further comprising a display device, wherein, the unauthorizedperson is displayed on the display device as unauthorized.
 11. Theintrusion detector of claim 6, wherein the measured biometric dataincludes facial recognition.
 12. The intrusion detector of claim 7,wherein the measured biometric data includes at least one of height orweight.
 13. A method comprising: receiving video stream data from acamera and token data, the token data comprising position dataassociated with a token, the position data being calculated usingtriangulation based on a plurality of nodes with known locations; anddetermining whether a person in the video stream data is carrying thetoken based upon the position data being associated with the token andwith the person; wherein, when the person in the video stream data isdetermined to not be carrying the token associated with the calculatedposition data, identifying the person in the video stream data asunauthorized.
 14. The method of claim 13, further comprising displayingthe unauthorized person on a display device as unauthorized.
 15. Themethod of claim 13, wherein, if the person is determined to be carryingthe token, further comprising identifying the person as authorized anddisplaying the authorized person on a display device as authorized. 16.The method of claim 13, wherein the token data comprises anidentification signal received from the token.
 17. The method of claim13, wherein, if the person is determined to be carrying the token,further comprising, comparing measured biometric data of the personcarrying the token to stored biometric data for the person assigned tothe token.
 18. The method of claim 17, wherein, if the measuredbiometric data of the person carrying the token matches the storedbiometric data for the person assigned to the token, further comprisingidentifying the person as authorized and displaying the authorizedperson on a display device as authorized.
 19. The method of claim 17,wherein, if the measured biometric data of the person carrying the tokendoes not match the stored biometric data for the person assigned to thetoken, further comprising identifying the person as unauthorized anddisplaying the unauthorized person on a display device as unauthorized.20. The method of claim 17, wherein the measured biometric data includesat least one of facial recognition, height, or weight.
 21. Anon-transitory computer-readable medium comprising code which, whenexecuted by a processor of an intrusion detector, causes the processorto perform a method comprising: receiving video stream data from acamera and token data, the token data comprising position dataassociated with a token, the position data being calculated usingtriangulation based on a plurality of nodes with known locations; anddetermining whether a person in the video stream data is carrying thetoken based upon the position data being associated with the token andwith the person; wherein, when the person in the video stream data isdetermined to not be carrying the token associated with the calculatedposition data, identifying the person in the video stream data asunauthorized.
 22. The non-transitory computer-readable medium of claim21, further comprising code for displaying the unauthorized person on adisplay device as unauthorized.
 23. The non-transitory computer-readablemedium of claim 21, wherein, if the person is determined to be carryingthe token, further comprising code for identifying the person asauthorized and displaying the authorized person on a display device asauthorized.
 24. The non-transitory computer-readable medium of claim 21,wherein the token data comprises an identification signal received fromthe token.
 25. The non-transitory computer-readable medium of claim 21,wherein, if the person is determined to be carrying the token, furthercomprising code for comparing measured biometric data of the personcarrying the token to stored biometric data for the person assigned tothe token.
 26. The non-transitory computer-readable medium of claim 25,wherein, if the measured biometric data of the person carrying the tokenmatches the stored biometric data for the person assigned to the token,further comprising code for identifying the person as authorized anddisplaying the authorized person on a display device as authorized. 27.The non-transitory computer-readable medium of claim 25, wherein, if themeasured biometric data of the person carrying the token does not matchthe stored biometric data for the person assigned to the token, furthercomprising code for identifying the person as unauthorized anddisplaying the unauthorized person on a display device as unauthorized.28. The non-transitory computer-readable medium of claim 25, wherein themeasured biometric data includes facial recognition.
 29. Thenon-transitory computer-readable medium of claim 25, wherein themeasured biometric data includes at least one of height or weight. 30.An intrusion detector comprising: means for receiving video stream datafrom a camera and token data, the token data comprising position dataassociated with a token, the position data being calculated usingtriangulation based on a plurality of nodes with known locations; andmeans for determining whether a person in the video stream data iscarrying the token based upon the position data being associated withthe token and with the person; wherein, when the person in the videostream data is determined to not be carrying the token associated withthe calculated position data, identifying the person in the video streamdata as unauthorized.
 31. The intrusion detector of claim 30, furthercomprising means for displaying the unauthorized person as unauthorized.32. The intrusion detector of claim 30, wherein, if the person isdetermined to be carrying the token, further comprising means foridentifying the person as authorized and displaying the authorizedperson as authorized.
 33. The intrusion detector of claim 30, whereinthe token data comprises an identification signal received from thetoken.
 34. The intrusion detector of claim 30, wherein, if the person isdetermined to be carrying the token, further comprising means forcomparing measured biometric data of the person carrying the token tostored biometric data for the person assigned to the token.
 35. Theintrusion detector of claim 34, wherein, if the measured biometric dataof the person carrying the token matches the stored biometric data forthe person assigned to the token, further comprising means foridentifying the person as authorized and displaying the authorizedperson as authorized.
 36. The intrusion detector of claim 34, wherein,if the measured biometric data of the person carrying the token does notmatch the stored biometric data for the person assigned to the token,further comprising means for identifying the person as unauthorized anddisplaying the unauthorized person as unauthorized.
 37. The intrusiondetector of claim 34, wherein the measured biometric data includes atleast one of facial recognition, height, or weight.